Broadband - Exchange
Login Scripts - Net Admin
Outlook - Windows Mobile
Windows

Contact - Advertise

Getting Started

Creating the Initial File

Testing

Implementation

Basic Techniques

Mapping Network Drives

Connecting Printers

Section Labels

More Advanced
Techniques

Domain Group Membership For Drive and Printer Mapping 

Recording Script Results

Location Detection

Machine Identification

Operating System Detection

Limiting the Number of Logins

Registry Changes

Redirection of Internet Explorer Favourites

Checking for Existence
of a File or Directory

If you have a network share or a printer that you want to restrict access to, you will typically set permissions on it so that only those authorised to do so can access the resource.

The most efficient method of permission setting is to use a group. You then put the users in to a group and set permissions on the resource to the group. When you need to remove a user from having access (they have left for example) you just remove them from the central group and all their permissions have gone.

You can use these same group settings to control who gets a drive mapped and who is automatically set up with a printer. By combining the group membership not only to access but also to the login script you only have one thing to change to grant access to a resource.
If you add a user to a group all you need to do is get the user to log out and then log back in again and they will have access to the new resource.
If you remove a user's access then next time they login, the resource will be gone (if you are using non-persistent settings).

This function is provided by a Resource kit tool called "ifmember". This can also be downloaded from the Microsoft web site.

What "ifmember" does is check whether a user is a member of a certain group, then depending on the response (error level) the script can carry out further commands, usually using the "if" command.

For example, take a look at this short script to test whether a user is in a Windows group called "accounts".

:accounts
ifmember accounts
if not errorlevel 1 goto next
echo Connecting to Accounts...
net use N: \\server1\accounts$

:next

This script asks if the member is in accounts ("ifmember accounts")
Then, if the response is not Yes ("error level 1") the script is sent to the section marked labelled next. (see Section Labels above)
If the response is Yes ("error level 0") the commands below are processed in order until the next "goto" is found.

Note: The $ after the share name indicates that the share is hidden. If you share a resource with a $ at the end then it doesn't appear in any lists that a user can find in "Network Neighbourhood". It doesn't stop anyone from connecting to it if they know the exact name, but it stops casual browsers. It can also help if you have a large number of shares on one machine, but only a few are available to a significant numbers of people as it will limit the length of the list that is seen.

You can use the same techniques for printers:

:accounts-printer
ifmember "printer - finance"
if not errorlevel 1 goto next-printer
echo Connecting to Finance Printer...
con2prt /cd \\server1\printer-finance$

:next-printer

This way you can have long scripts that map drives and printers depending on the group membership which can mean many users have different combinations of printers and drive letters, but they have access to all of them.

If you are connecting some users to multiple printers (for example the usual printer is a heavy duty laser but a couple have access to a lighter but closer DeskJet) then you should play around with the order the printers are connected in to ensure that the one you want to be the default is the last printer. By doing this you can ensure people who only connect to one printer get the correct one as their default.

Alternative Method

You may be wondering why the examples haven't been shown using something like the following:

:accounts-printer
ifmember "printer - finance" goto accounts-printer2
goto next-printer

:accounts-printer2
echo Connecting to Finance Printer...
con2prt /cd \\server1\printer-finance$

:next-printer

While this would work is requires more section labels and increases administration of the script.
Using the method in most of the examples on this page means that each printer, drive mapping etc is contained under a single section label. It makes the script look neater, easier to follow and to manage. Cutting and pasting is very straight forward.

Back to the Top
Contact Us - Advertise on amset.info
Login Scripts Index - Home Page

Broadband - Exchange - Login Scripts - Network Admin - Outlook - Windows Mobile - Windows

© Amset IT Solutions Ltd. 1998 - 2008. All rights reserved. Reproduction of any content on this web site is prohibited without express written consent. Use of this web site is subject to our terms and conditions. All trademarks and registered trademarks are property of their respective owners. This site is not endorsed or recommended by any company or organisation mentioned on this site. This site is to provide guidance only and as such we cannot be held responsible for any consequences of following the advice given.